Hyper-V and Spectre/Meltdown: Protecting Your Hosts – Do This!

SMThere is a lot of information swirling around out there on what to do with the latest Spectre/Meltdown vulnerabilities. Whereas I can’t tell you how to solve the vulnerabilities for for every Hardware and Operating System combination, I can tell you how to get your Hyper-V environments protected.  You might be interested in every fine detail of what is happening or you may want to just find out how to get protected as quick as possible.  If you are interested in the latter, then this is the blog to start with.    Here are the no nonsense steps that will protect your Hyper-V hosts.  I will be making a second post for the VMs running on these hosts.

Windows 2012 R2 and Windows 2016 Hosts

All Associated Files for Fixing and Testing for Spectre/Meltdown can be found HERE:

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management” /v FeatureSettingsOverride /t REG_DWORD /d 0 /f

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management” /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

reg add “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization” /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d “1.0” /f

    • OR through Group Policy Registry Preference if you want to get to a baseline throughout your environment across all your hosts.



* Other Firmware Modules that I use can be found here:  Removed Due to Issues with first version of release firmware.  I will include more here once the final revisions have been released.


For links to your HP or Dell hosts updated firmware for the Spectre/Meltdown Vulnerability, you can check the links below

HP: https://h22208.www2.hpe.com/eginfolib/securityalerts/SCAM/Side_Channel_Analysis_Method.html

Dell: http://www.dell.com/support/article/us/en/19/sln308588/microprocessor-side-channel-vulnerabilities-cve-2017-5715-cve-2017-5753-cve-2017-5754-impact-on-dell-emc-products-dell-enterprise-servers-storage-and-networking-?lang=en



  • Download the Following Test Scripts from HERE and place them on a folder on your Hyper-V host.
    • SpeculationControl.psd1
    • SpeculationControl.psm1
    • SpeculationControl-runme.ps1
  • Open PowerShell and Change your Directory to the location of your scripts i.e. CD \Spectre_Meltdown
  • Run Import-Module .\SpeculationControl.psd1
  • Run Get-SpeculationControlSettings
  • If patched correctly, your results should look like the screenshot below.


If it looks like this, with lots of green, you are on the right track.  Check back to see if there are any other additions that come out in the next few days/weeks.


Sources for More Information:


Support Guidance:






This entry was posted in Hyper-V, PowerShell, Vendor, Windows Server 2012 R2, Windows Server 2016 and tagged , , , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s